SHA256: 6ae29cb8ea1715f9b4d5d5993ce3bf80a177ce2a1b6c7b843ea090fc19ad7a3b
File name: ckahcomm.dll
Detection ratio: 0 / 47
Analysis date: 2013-11-07 10:15:39 UTC ( 5 years, 4 months ago )
Antivirus Result Update
Yandex 20131105
AhnLab-V3 20131106
AntiVir 20131107
Antiy-AVL 20131107
Avast 20131107
AVG 20131107
Baidu-International 20131107
BitDefender 20131107
Bkav 20131107
ByteHero 20131104
CAT-QuickHeal 20131107
ClamAV 20131107
Commtouch 20131107
Comodo 20131107
DrWeb 20131107
Emsisoft 20131107
ESET-NOD32 20131107
F-Prot 20131107
F-Secure 20131107
Fortinet 20131107
GData 20131107
Ikarus 20131107
Jiangmin 20131107
K7AntiVirus 20131106
K7GW 20131106
Kaspersky 20131107
Kingsoft 20130829
Malwarebytes 20131107
McAfee 20131107
McAfee-GW-Edition 20131107
Microsoft 20131107
eScan 20131107
NANO-Antivirus 20131107
Norman 20131107
nProtect 20131107
Panda 20131107
Rising 20131107
Sophos AV 20131107
SUPERAntiSpyware 20131106
Symantec 20131107
TheHacker 20131106
TotalDefense 20131106
TrendMicro 20131107
TrendMicro-HouseCall 20131107
VBA32 20131106
VIPRE 20131107
ViRobot 20131107
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file.
Authenticode signature block and FileVersionInfo properties
Copyright
© 2012 Kaspersky Lab ZAO. All Rights Reserved.

Publisher Kaspersky Lab
Product Kaspersky Anti-Virus
Original name CKAHComm.DLL
Internal name CKAHComm
File version 13.0.2.558
Description Kaspersky Anti-Hacker Communication Library
Signature verification Signed file, verified signature
Signing date 3:19 PM 12/20/2012
Signers
[+] Kaspersky Lab
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 2/15/2012
Valid to 12:59 AM 3/8/2013
Valid usage Code Signing
Algorithm SHA1
Thumbprint 90E68EB265AE70DF186A6E20F8DEB2C230EA5EDC
Serial number 16 E5 A7 75 12 03 00 FB 34 19 45 8B 40 D4 08 34
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer None
Valid from 1:00 AM 2/8/2010
Valid to 12:59 AM 2/8/2020
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer None
Valid from 1:00 AM 11/8/2006
Valid to 12:59 AM 7/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer None
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 5/20/2022
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint D43989A11E5961CC13A58008172BF544DA11F1E6
Serial number 7E 1F DF 72 99 E8 D2 45 A1 5D 0B A8 E5 B1 59 BA
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer None
Valid from 3:38 PM 10/18/2012
Valid to 3:38 PM 5/20/2022
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 44D7BC278829171472CAB5419C4ABDF1AC60EAC9
Serial number 02 3A 64
[+] GeoTrust Global CA
Status Valid
Issuer None
Valid from 5:00 AM 5/21/2002
Valid to 5:00 AM 5/21/2022
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm SHA1
Thumbprint DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212
Serial number 02 34 56
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-20 14:17:41
Entry Point 0x00006B49
Number of sections 5
PE sections
PE imports
GetLastError
HeapFree
EnterCriticalSection
TerminateThread
WaitForSingleObject
SetEvent
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
DisableThreadLibraryCalls
DeleteCriticalSection
GetCurrentProcess
GetCurrentProcessId
CreateSemaphoreA
UnhandledExceptionFilter
WaitForMultipleObjects
InterlockedCompareExchange
GetProcessHeap
SuspendThread
ReleaseSemaphore
CreateThread
GetExitCodeThread
InterlockedExchange
SetUnhandledExceptionFilter
CloseHandle
GetSystemTimeAsFileTime
DecodePointer
HeapAlloc
TerminateProcess
ResetEvent
InitializeCriticalSection
CreateEventA
Sleep
EncodePointer
GetCurrentThreadId
LeaveCriticalSection
?width@ios_base@std@@QBE_JXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?setf@ios_base@std@@QAEHHH@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?_BADOFF@std@@3_JB
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W0@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Incref@facet@locale@std@@QAEXXZ
?widen@?$ctype@_W@std@@QBE_WD@Z
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z
??Bid@locale@std@@QAEIXZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Xlength_error@std@@YAXPBD@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
??0_Lockit@std@@QAE@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?_Xout_of_range@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
??1_Lockit@std@@QAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
?id@?$ctype@_W@std@@2V0locale@2@A
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?width@ios_base@std@@QAE_J_J@Z
_malloc_crt
??0bad_cast@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
malloc
__dllonexit
__clean_type_info_names_internal
_amsg_exit
??1bad_cast@std@@UAE@XZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??2@YAPAXI@Z
_lock
_onexit
??_V@YAXPAX@Z
_initterm_e
_CxxThrowException
?terminate@@YAXXZ
_unlock
_crt_debugger_hook
??3@YAXPAX@Z
free
__CxxFrameHandler3
_except_handler4_common
calloc
memcpy
??0exception@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??1exception@std@@UAE@XZ
memmove
??0exception@std@@QAE@ABQBD@Z
_encoded_null
__CppXcptFilter
_initterm
UuidEqual
FSSYNC_SAF
DRV_GSIM
FSSYNC_GFN
FSSync_DT
FSSync_DR
FSSync_DUR
FSSYNC_GEVM
FSSYNC_GFNP
DRV_LGEX
DRV_LIN
FSSYNC_CHFP
FSSync_YLD
DRV_LDON
FSSync_DTT
FSSYNC_GFF
DRV_LFF
FSSync_ADFE
FSSync_BRC
DRV_LFN
FSSYNC_GFI
FSSync_PMQ
FSSync_PEM
FSSync_SV
FSSYNC_GHP
FSSYNC_FD
FSSync_DCS
FSSYNC_FC
PE exports
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 1
ENGLISH US 1
PE resources
Compressed bundles
File identification
MD5 e7dc3375e3a67b1cff8dc8641e6970ff
SHA1 7907dd7cbd563dacb731148deb8358dcffd8bebe
SHA256 6ae29cb8ea1715f9b4d5d5993ce3bf80a177ce2a1b6c7b843ea090fc19ad7a3b
ssdeep
1536:dbUGMoUZuada8Pd32s2W4rWBhOnuMMOP3Y:dk/zPB2s2PrWHOn7MOfY

File size 58.5 KB ( 59912 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
pedll signed

VirusTotal metadata
First submission 2013-11-07 10:15:39 UTC ( 5 years, 4 months ago )
Last submission 2013-11-07 10:15:39 UTC ( 5 years, 4 months ago )
File names ckahcomm.dll
ckahcomm.dll.1077_2553_4126.removeOnNextReboot
CKAHComm
e7dc3375e3a67b1cff8dc8641e6970ff
CKAHComm.DLL